From 5851c34b92069dd955e862b856bb732eb263b058 Mon Sep 17 00:00:00 2001
From: Yannick Brosseau <scientist@fb.com>
Date: Thu, 3 Jul 2014 13:55:19 -0700
Subject: [PATCH 19/41] Don't go past the last element of indexVars in
 findEntryByPath

We had a chance of creating an infinite loop, because we
were reading memory past the last element of indexVars, which is set to -1.

This issue was only apparent with -O2, probably because of the way the
memory was initialized.

Signed-off-by: Yannick Brosseau <scientist@fb.com>
---
 grubby.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/grubby.c b/grubby.c
index 4516b92..4462fb9 100644
--- a/grubby.c
+++ b/grubby.c
@@ -1954,11 +1954,13 @@ struct singleEntry * findEntryByPath(struct grubConfig * config,
 	}
 
 	indexVars[i + 1] = -1;
-	
+
 	i = 0;
 	if (index) {
-	    while (i < *index) i++;
-	    if (indexVars[i] == -1) return NULL;
+	    while (i < *index) {
+		i++;
+		if (indexVars[i] == -1) return NULL;
+	    }
 	}
 
 	entry = findEntryByIndex(config, indexVars[i]);
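Review bot: The rewritten loop tests `indexVars[i]` only after `i++`, so `indexVars[0]` is never compared with the -1 sentinel, whereas the removed code made that comparison when `*index` was 0. If the part of findEntryByPath above the hunk can leave `indexVars[0] == -1` (not visible here), `findEntryByIndex(config, indexVars[i])` is now called with -1 instead of returning NULL. Adding `if (indexVars[0] == -1) return NULL;` ahead of the `while` restores the old guard while keeping the bounded walk. A short comment on the loop, such as `/* stop at the -1 terminator; never index past it */`, would also record why the check sits inside it. The function starts and ends outside the hunk, so the size of indexVars and whether `i + 1` is in range at the sentinel store cannot be confirmed from here.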
-- 
2.4.3